Synced 16 Jun 2026 15:24 UTC Account

Is Spring Boot 2.3.12 patched?

VMware · cycle 2.3 · end of life · Official site ↗
2.3.1240/100End of life

Current stable (4.1.0): 100/100

Minimum safe version2.7.33

2.3.12 has 5 open critical-or-high vulnerabilities. Run 2.7.33 or later to clear them. See what 2.7.33 fixes →

Health score40/100
Open issues7
Exploited now0
Cycle 2.3 EOL2021-05-20
Latest release4.1.0

Summary iPlain-English security status for Spring Boot 2.3.12, built from its CVEs, active-exploitation data, end-of-life date and latest release.

Spring Boot 2.3.12 is part of the 2.3 release line. 7 known vulnerabilities affect it. The minimum safe version is 2.7.33 — upgrade to it or later to clear the open critical/high issues. The 2.3 line reached end-of-life on 2021-05-20, so it no longer receives security patches. The latest supported Spring Boot release is 4.1.0.

Known issues affecting 2.3.12

Exploited first, then by exploitation probability.

CVE-2023-20873 CRITICAL EPSS 1% → fixed in 3.0.6 CVE-2023-20883 HIGH EPSS 1% → fixed in 2.5.14 CVE-2026-22733 HIGH EPSS 0% → fixed in 4.0.4 CVE-2026-40972 HIGH EPSS 0% → fixed in 4.0.6 CVE-2026-40975 MEDIUM EPSS 0% → fixed in 4.0.6 CVE-2026-40973 HIGH EPSS 0% → fixed in 4.0.6 CVE-2026-40977 MEDIUM EPSS 0% → fixed in 4.0.6

Other Spring Boot versions

Check another release line of Spring Boot.

Spring Boot 4.1.0Spring Boot 4.0.7Spring Boot 3.5.15Spring Boot 3.4.13Spring Boot 3.3.13Spring Boot 3.2.12Spring Boot 3.1.12Spring Boot 3.0.13Spring Boot 2.7.18Spring Boot 2.6.15Spring Boot 2.5.15Spring Boot 2.4.13Spring Boot 2.2.13Spring Boot 2.1.18Spring Boot 2.0.9Spring Boot 1.5.22

Frequently asked

Is Spring Boot 2.3.12 patched?

Spring Boot 2.3.12 is end-of-life and no longer receives security patches. Move to 4.1.0.

What version should I upgrade Spring Boot 2.3.12 to?

Upgrade Spring Boot 2.3.12 to at least 2.7.33 to clear its 5 open critical-or-high vulnerabilities.

When does Spring Boot 2.3 reach end-of-life?

Spring Boot 2.3 reached end-of-life on 2021-05-20 and no longer receives security patches.

What is the latest version of Spring Boot?

The latest supported Spring Boot release is 4.1.0.

Is Spring Boot 2.3.12 still receiving security updates?

No — Spring Boot 2.3.12 is on the 2.3 line, which reached end-of-life on 2021-05-20 and no longer receives security updates. Upgrade to 4.1.0 or later to stay supported.

Informational only, from public data (NVD · CISA KEV · EPSS · endoflife.date), and can lag or miss vendor-specific fixes. Always confirm against VMware's official advisory before you patch or upgrade — Spring Boot official site ↗